WHAT IS CLAIMED IS: 

1 . A method comprising: 

generating session information for a client, a system node, and a data node 
if the client and system nodes satisfy at least one condition for accessing each 
other; 

receiving at the data node a request from the client to access the system 
node and a request from the system node to access the client; and 

establishing a secure authenticated connection between the client and the 
system node via the data node based at least in part on the session information. 

2. The method of claim 1, further comprising receiving at a control 
node a request from the client for the session information. 

3. The method of claim 1, further comprising registering the system 
node with a control node. 

4. The method of claim 1, further comprising providing a list of 
registered system nodes to the client, wherein the system node is selected at the 
client from the list of registered system nodes. 
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5. The method of claim 1, further comprising notifying the system node 
when a message is received from the client at the data node. 

6. The method of claim 5, further comprising establishing a secure 
authenticated connection between the system node and the data node. 

7. The method of claim 6, sending the message from the data node to 
the system node over the secure authenticated connection between the system node 
and the data node. 
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8. A computer program product encoding computer programs for 
executing on a control node and a data node a computer process, the computer 
process comprising: 

generating session information for a client, a system node, and a data node 
if the client and system nodes satisfy at least one condition for accessing each 
other; 

receiving at the data node a request from the client to access the system 
node and a request from the system node to access the client; and 

establishing a secure authenticated connection between the client and the 
system node via the data node based at least in part on the session information. 

9. The computer program product of claim 8 wherein the computer 
process at the control node further comprises registering the system node. 

10. The computer program product of claim 8 wherein the computer 
process at the control node further comprises updating a client database with a 
dynamic network address for the system node on a recurring basis. 



Iee@hayes pile 509-324-9256 



23 



CN1-019US 



1 1 . The computer program product of claim 8 wherein the computer 
process at the data node further comprises: 

notifying the system node when a message is received from the client at the 
data node; 

establishing a secure authenticated connection between the system node and 
the data node; and 

sending the message from the data node to the system node over the secure 
authenticated connection between the system node and the data node. 
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12. A system for establishing a secure authenticated network connection 
between a client and a system node, comprising: 

a control node linked to the client and the system node, the control node 
providing the client and the system node with session information if the client and 
system node satisfy at least one condition for accessing each other; and 

a data node communicatively coupled to the control node, the data node a 
request from the client to access the system node and a request from the system 
node to access the client and establishing a secure authenticated connection 
between the client and the system node via the data node based at least in part on 
the session information. 

13. The system of claim 12 wherein the session information includes at 
least a network address for the system node. 

14. The system of claim 12 wherein the session information includes at 
least a dynamic network address for the system node. 

15. The system of claim 12 wherein the session information includes a 
status of the system node. 
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16. The system of claim 12 wherein the secure authenticated connection 
between the data node and the system node is established in response to the data 
node receiving a message from the client. 

17. The system of claim 12 further comprising a client database 
operatively associated with the control node, the client database including a data 
structure identifying system nodes registered with the control node. 

18. The system of claim 17 wherein the data structure identifies 
authorized users of the system nodes registered with the control node. 

19. The system of claim 12 further comprising a session database 
operatively associated with the data node, the session database storing the session 
information received from the control node. 

20. The system of claim 12 wherein the session information for a client 
session is removed from the session database when the client session ends. 
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